Whether you're a CGI expert or have no experience, learn how to download CGI scripts and how to configure them so that they'll run on your Web site. Also discover some efficient debugging techniques to use on the downloaded scripts, as well as your own.

This chapter is from the book

Before I begin to discuss how to design and create your own CGI scripts, I
thought I'd give you the opportunity to save yourself a lot of work. There
are thousands of CGI scripts that have already been written and are publicly
available for download over the Internet. In some cases, rather than writing a
script of your own, you can download a script from the Internet and use it
instead. This hour also explains some methods for debugging CGI scripts after
they're installed. You can use these methods to get scripts you download to
work, or to debug your own CGI scripts.

The topics covered in this hour are

A discussion of how to download scripts from the Internet

Information on installing and configuring scripts you download

Information on debugging CGI scripts using a number of different
techniques

Downloading Scripts from the Internet

The objective of this book is to teach you how to build your own Web
applications using CGI. However, it isn't here to convince you to do
unnecessary work. There are bunches of CGI scripts other people have written
that you can download from the Internet and use on your own site.

These scripts are useful for two purposes. First, they can save you a lot of
work. If you can find a script out there that provides the functionality you
need for an application, you may want to use it instead of writing a program
from scratch. Second, they can help teach you how to write better applications.
You can look at existing programs to see how the author accomplished certain
tasks, and decide how you might design your own programs differently, or how you
might apply their solutions to problems you have to solve.

Finding the Scripts You Need

In order to find CGI programs to use on your Web sites, you need to know
where to look. There are a number of popular repositories for free CGI scripts
on the Internet. The best way to find the scripts you need is to search for
scripts that seem to offer the functionality you require, and then download
those scripts and evaluate them carefully. Some of the most popular script
repositories are included in Table 3.1.

The NMS scripts are drop-in replacements for scripts originally written by
Matt Wright. Matt's scripts were some of the earliest publicly available
CGI programs, and were widely adopted. Thousands of sites and ISPs still have
them installed. Unfortunately, they're kind of buggy and are fraught with
security holes. The NMS scripts work just like Matt's scripts, except
without the bugs and security problems.

What to Look for in Publicly-Available Scripts

Obviously, the first thing to look for is whether the CGI script meets the
requirements for your application. Without a well-defined set of requirements,
it's impossible to reasonably compare one script to another. After
you're certain what the application's requirements are, you can start
narrowing the field of the CGI scripts available to ones that meet those
requirements.

Beyond the satisfaction of your requirements, there are some other issues
that you should investigate before using a CGI script that you downloaded over
the Internet. These issues surround the general reliability and maintainability
of publicly distributed scripts.

Quality of the Source Code

When you download a CGI script from the Internet to use on your site, one
issue you'll really want to look into is the quality of the script's
source code. Before you start using the script, check out the formatting and
comments in the source code. Is the program readable? Can you follow what it
does? If not, it may not be worth using. If you need to fix something later, or
you want to add some functionality, it's nice to be able to go right in and
see where changes need to be made.

Quality source code indicates that the script's author took care when
writing the script, and it is also a good sign that the code itself is of high
quality. If you're reviewing a number of scripts before you look at any of
them in depth, you should be able to throw away scripts that aren't written
in an organized and neat manner.

Security

Any time you place a CGI script with a security hole on your server,
there's a chance that some malicious person could exploit it to gain access
to the server. Well-written CGI scripts don't have security holes.
Unfortunately, the Web is full of CGI scripts that aren't well written, and
that will introduce security holes on your site. Many of them are written by
people to use on their own Web sites; some of them are distributed for use by
the public.

These scripts have security holes not because the authors want to expose
people who use the scripts to risks, but because writing secure software is
difficult. You should be aware of the fact that any time you download someone
else's program and use it on your server, there might be security problems
with the program that you don't know about.

Think about itif thousands of people are using the same insecure
script, chances are somebody has figured out where the hole is. If the person
who discovered the hole, or any person who's heard about the security hole,
is interested in breaking into your Web server, he can take advantage of the
publicly known security flaw.

Even worse, this malicious person can use Internet search engines to find
sites that use the offending CGI script, and then break into them. So it's
very important to understand CGI script security when you install CGI scripts,
and to review the source code for the scripts before you install them on your
Web server. In Hour 22, "Securing CGI Scripts," I'll talk more
about CGI security and provide a list of sites where you can find out about
security problems with scripts that you might be using.
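
As a starting point for the source review recommended above, here is an added example that is not from the book. It is a small triage pass over a downloaded Perl CGI script that lists the lines worth reading first. The sample script, the `review` function and the specific checks are assumptions made for this example, and a hit is a prompt to read the line, not proof of a hole.

```python
import re

# Constructed sample of a downloaded Perl CGI script (not a real project's code).
SAMPLE = r'''#!/usr/bin/perl
# mailer.cgi - constructed sample for this example
use CGI;
my $q = CGI->new;
my $to = $q->param('recipient');
my $file = $q->param('page');
open(MAIL, "|/usr/lib/sendmail $to");
print MAIL "Subject: feedback\n\n";
close(MAIL);
my $body = `cat $file`;
print "Content-type: text/html\n\n$body";
'''

# Heuristics chosen for this example; a hit means "read this line closely",
# not "this line is exploitable".
LINE_CHECKS = [
    (re.compile(r"\b(system|exec)\b\s*[(\"'$@]"), "external command via system/exec"),
    (re.compile(r"`[^`]*\$[^`]*`|\bqx\W"), "command run via backticks/qx"),
    (re.compile(r"\bopen\b[^;]*[\"']\s*\|"), "open() writing to a piped command"),
    (re.compile(r"\bopen\b[^;]*\|\s*[\"']\s*\)"), "open() reading from a piped command"),
    (re.compile(r"\beval\s*[\"'$]"), "string eval"),
]

def review(source):
    """Return (file_level_findings, [(line_no, reason), ...]) for a Perl script."""
    lines = source.splitlines()
    shebang = lines[0] if lines and lines[0].startswith("#!") else ""
    file_level = []
    if not re.search(r"\s-\w*T", shebang):
        file_level.append("taint mode (-T) not enabled on the #! line")
    if not re.search(r"^\s*use\s+strict\b", source, re.M):
        file_level.append("no 'use strict'")
    if not (re.search(r"^\s*use\s+warnings\b", source, re.M) or re.search(r"\s-\w*w", shebang)):
        file_level.append("warnings not enabled")
    hits = []
    for no, text in enumerate(lines, 1):
        if text.lstrip().startswith("#"):      # skip the #! line and comments
            continue
        hits += [(no, why) for rx, why in LINE_CHECKS if rx.search(text)]
    return file_level, hits

if __name__ == "__main__":
    file_level, hits = review(SAMPLE)
    for finding in file_level:
        print("file:", finding)
    for no, why in hits:
        print(f"line {no}: {why}")
```

Both flagged lines in the sample pass a form parameter to a shell, which is the kind of line a reviewer should trace back to its input before installing the script.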

Support

One question you'll want to get an answer to is how much support the
author of the script provides. Support comes in two forms: direct support to
users who are having problems, and regular improvements and updates to the
program. Most people who distribute software for free don't provide much
personal support, although if you treat them nicely, they'll often answer
questions. On the other hand, you should look for scripts that are being
actively maintained by their authors, or by someone who has taken over the
maintenance of the software.

Despite the best efforts of software developers, most software has bugs,
security holes, and other problems that must be fixed. If nobody is maintaining
the program you use, it's up to you to maintain it yourself. For most
people, it's easier to rely on the original author to maintain a script
than to maintain it themselves.

If you purchase commercial scripts, you should make sure that the company you
deal with offers adequate support for your problems. Dealing with a one-man shop
where the developer also provides support and handles sales can be a pain if the
proprietor gets overburdened or decides to get a regular job instead of keeping
up with their products.